I downloaded a Sheepshaver for Windows build from Columbia University:
http://www.columbia.edu/~em36/macos9win.html
When I ran it, Windows Defender reported it as malware (Bitrep.A).
Anyone else had this?
Is it a false positive?
Windows Defender reports Sheepshaver as Malware
Re: Windows Defender reports Sheepshaver as Malware
As I said in a private e-mail to Paul D., if you don't trust my software, just don't use my software. It's as simple as that.
I don't expect anyone to take my word when I say the software is clean. Upload it to VirusTotal.com and let the experts test it.
- adespoton
Re: Windows Defender reports Sheepshaver as Malware
Do you have the SHA1 or SHA256 hash for that file? Bitrep appears to be detecting on a class of installers that drop and execute malware as part of an attack chain. The ones I've seen appear to be trying to install malware that captures credentials from point of sale and online credit card transactions.
[edit] If this is emendelson's bundle, it's highly unlikely to be a TP. Best to submit it to Microsoft as an FP.
Submitting it to VT may have a cascade effect, as some vendors will see that MS has detected the file and detect it as well, which will cause further vendors to consider it malicious. So getting all vendors to clean up at that point may take a while.
Re: Windows Defender reports Sheepshaver as Malware
It seems that someone submitted the file to VirusTotal.com on 22 July. Here are the results:
https://www.virustotal.com/#/url/0e6a85 ... /detection
Re: Windows Defender reports Sheepshaver as Malware
The original poster took the trouble to send me an e-mail telling me he had decided not to use my system after all, because he got another malware warning from him. I urged him to delete the software and not to think about it again, because I didn't see any point in wasting time trying to convince someone to use something he doesn't trust.
However, what may have produced that warning is this: I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.
- adespoton
Re: Windows Defender reports Sheepshaver as Malware
emendelson wrote: I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.
Ah; that explains it. Trust me: it's not just script kiddies using it in the past; there are thousands of malware files pumped out each day that use AutoIt despite the fact that most spammers have moved on to using powershell finally.
AutoIt is best used for internal tools.
Re: Windows Defender reports Sheepshaver as Malware
adespoton wrote: AutoIt is best used for internal tools.
If I knew how to use anything else, I would! AppleScript and AutoIt are more or less my limits.